What’s scope creep? How can it affect an investigation?
Scope creep, defined as when a project’s requirements increase over time, can frequently occur within an investigation; this is often due to newly found evidence (Nelson, Phillips, Steuart, 2019). Scope creep can negatively impact an investigation due to consuming more time and resources, as well as further complicating the original case. In any adequately planned investigation, the estimated time frame of data retrieval, the necessary software and hardware, as well as any possible changes to data extraction or legal concerns, all need to be figured out ahead of time. With scope creep, hopeful assumptions of the project can quickly be eliminated.
There are various things one can do to help manage scope creep, including allocating more funds, personnel, and hardware/software to be used in emergency/backup situations. One can also thoroughly analyze all data systems for hidden or encrypted data; realizing that more data exists in an investigation once it has already started can significantly hinder the estimated time to completion. Furthermore, carefully researching legal issues and concerns in the investigation can reduce the number of sudden changes.
Scope creep in digital forensics is quite similar to scope creep in any type of project management; its possible complications can pose challenges that can turn even the most properly planned project into a nightmare. Only by understanding that a forensic investigation is anything but a guaranteed series of events, we, as forensic investigators, can remain ready to adapt to change.
Nelson, B., Phillips, A., & Steuart, C. (2019). Guide to Computer Forensics and Investigations. Boston, MA: Cengage Learning.